search

jamf / scout-public

A tool to aggregate devices across multiple MDM servers
GNU General Public License v3.0
11 stars 3 forks source link

Add audit / activity / application log #6

Closed jacobschultz closed 5 years ago

jacobschultz commented 5 years ago

This task involves adding logging to the scout application to cover user activity and admin audit logs when settings and other items are changed. Scout is using a node module called Winston to do worker logging currently. (This lives in the logs/worker.log file.) It allows a log file name to be specified, as well as logging debug levels. Make sure the time, user and exact actions performed in these scenarios is logged in case an audit would ever need to occur.

Tasks:

  1. Configure winston to look at a new log called 'access.log' that goes in the same /logs directory as other files.
  2. Log when the Scout Admin user is accessed / emergency server access is granted.
  3. User permissions are updated
  4. The .env file is updated from the admin settings pane
  5. New user login and creations
  6. A new report is created or an existing report is edited
  7. A report is run. (Log subset results and the mongo query)
  8. Log when the user manually refreshes devices in the dashboard
  9. Log when MDM commands are sent

Pull Request Ready When:

  1. There are accurate and helpful log entries for all of the above actions that are contained in the access.log file.
alex-stout commented 5 years ago

@jacobschultz https://github.com/jamf/scout-public/blob/8b3e8569b95fc7066f3b61454ea45483b141d410/api/controllers/servers.js#L88

Is this check actually implemented? It doesn't look like there's a permissions check.